Import Root CA/Intermediate CA to auth all future certs signed by the CA

asked 2017-09-27 11:03:28 +0300

devc0x gravatar image

Is is possible that ConfigWinRMCertificateAuthPlugin to parse the client cert signed by the Root CA and configure the WinRM service so that all future certs generated and signed by the same Root CA will be automatically trusted and accepted by the WinRM service?

I have used meta data service to pass the certificate to the Cloudbase-init service. When used cert generated by https://raw.githubusercontent.com/clo... WinRM service works no problem. When tried with my own cert generated by the Root CA the Cloudbase-init service fails with cryptoapi error 0x80093102 message. Here is the cert in PEM format:

-----BEGIN CERTIFICATE-----
MIID1TCCAr2gAwIBAgIUIbTJ6quMhEoBmf/IWoFQ8vltbnQwDQYJKoZIhvcNAQEL
BQAwFjEUMBIGA1UEAxMLUm9vdCBDQSBQUFIwHhcNMTcwOTI3MDczNjI5WhcNMTcw
OTMwMDczNjU5WjASMRAwDgYDVQQDEwdydW5kZWNrMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEApRVYgsFtMympZjjd/VPXsTedNUw0odhQiOp1QueCCV5c
f79e/5u3ymOC7O3q+EKXFJPqELOcAa5p3UxxBOjuKBPAdzXgtecIuSnhpRFXFK59
/l7FrjMjlgQNgBtkoywSqiGFb4dKXfi0T4bnZa0sSVLQonkrz6XrSAt9CTFGOJFN
BmP6Koo7iLPkp3TLQIgqXef3SznjWXxcAN9kNCb4aMEj9L2bUJ2LD+rDdkqCYRAX
MkzZ4JsGGZ0xvSDGkAde7bweQY+xk3ULOBAVkC36TfPTWZ3oNknVwu7H5slwSaS9
pUYx4mJK3JBeakk0v8zoQDBubSD0WlfxYnZd9wN5EQIDAQABo4IBHTCCARkwDgYD
VR0PAQH/BAQDAgOoMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNV
HQ4EFgQU4y+ozX/QxkKQ091JpCbJaNzivtEwHwYDVR0jBBgwFoAUmOzEvWKLMBXH
RvSS+UJH48Q50hkwTgYIKwYBBQUHAQEEQjBAMD4GCCsGAQUFBzAChjJodHRwOi8v
cnVuZGVja3BwcmhhLmNsb3VkLmNvc25nLm5ldDo4MjAwL3YxL3BraS9jYTASBgNV
HREECzAJggdydW5kZWNrMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9ydW5kZWNr
cHByaGEuY2xvdWQuY29zbmcubmV0OjgyMDAvdjEvcGtpL2NybDANBgkqhkiG9w0B
AQsFAAOCAQEAGzf4mHwtmgkb/UZfYwQRj50aPSBWBspAbp2Wk4Mdd7o1qen0rrZx
Vq5e/8M1ddcpB9PLLeBTVsrmPA26RQoABIp0aMitc9nzGA5v9Zbl7AB8cnIA0c/m
eBSSi7m6GRBHMCORKG1hQA6OPyTTbKx+dvFyLl9avPxBZ7S1BFwvnqgiSioG3JZi
ffb12q0ymKs3ex4+24d+dhDXh1U018pVIK/EOP23WF7E/LB8vfoWzOmxU/elXYza
NAxqzlMOmE5xJJ2yjVMnVWcY4CX3/3BIbovNxkFXMHy2q6ZQIFhl1VYq9iEl3pVF
2u7+tXU9gXWkOnCtLc0I/D2pSdxYwkONVQ==
-----END CERTIFICATE-----
edit retag flag offensive close merge delete